Heap-based Buffer Overflow in Citrix Provisioning Services
CVE-2012-4068

Currently unrated

Key Information:

Vendor: Citrix
Status: Provisioning Services
Vendor: CVE Published:; 26 July 2012

Summary

A heap-based buffer overflow vulnerability exists in the SoapServer service of Citrix Provisioning Services versions 5.0 to 6.1. This allows malicious remote attackers to exploit the flaw by sending crafted strings related to date and time data, potentially leading to arbitrary code execution on the affected system.

References

http://www.verisigninc.com/en_US/products-and-services/ne...

third-party-advisoryx_refsource_IDEFENSE

https://exchange.xforce.ibmcloud.com/vulnerabilities/75311

vdb-entryx_refsource_XF

http://support.citrix.com/article/ctx133039

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 26, 2012
Vulnerability Reserved
Jul 26, 2012